[Gllug] p2p programs
Paul Rayner
paul at ylemsolutions.com
Mon Nov 14 17:32:29 UTC 2005
On 14 Nov 2005, at 16:37, Henry Gilbert wrote:
>
> Don't put words in my mouth.
> I never said that.
> It's easier for you to be binary about the subject
> and pidgeon-hole me into absolutes:
> ie 100% safe, never-get-problems etc.
er, maybe I misread these comments then...
On 13 Nov 2005, at 12:45, Henry Gilbert wrote:
> Linux is indeed safe and I've never came across anyone infected by a
> trojan or a virus in Linux. I still think Desktop Linux viruses is
> theoretically impossible;
...
> All in all, it is extremely safe browsing the net using Desktop Linux.
> There is no self-installing attachments to worry about.
> There is no known succesful exploits that I am aware of.
Linux users have historically been more security aware than Windows
users as Linux has required the ability to install the OS, and many
users come from techie backgrounds. Most linux desktop users therefore
know not to do things like running untrusted programs, know not to use
root sparingly etc, so are less likely to `catch' any viruses, spyware
etc. The main reason there are not lots of people writing malware
attempting to trick linux desktop users into compromising their
machines is that there are so few linux desktop users compared to
Windows users.
A desktop linux virus is certainly not impossible. An attachment to an
email that contains a shell script or other linux executable wouldn't
be hard to write, nor would a signed Java applet that tries to take
ownership of your system. If you're running as root, the malware would
have a free reign over your system.
> I've installed Ubuntu Linux to a group of young webdesigners in Spain.
> Then one day - they were all happy about how Linux is superb as a
> webserver and all.
> They've signed up with some ISP that offered Linux as a webserver.
> Then Two months later, they phone at 1am saying their Fedora Linux got
> badly hacked.
>
Servers *are* more likely to get cracked, but IMO this is mostly
because they are a far more attractive target to a cracker/script
kiddie. A powerful server with a dedicated backbone connection is of
far more use to these people than a PC on dial up or broadband. Also,
IP ranges likely to contain servers are much more likely to get scanned
by people wishing to crack linux boxes than ranges used by ISPs for
broadband.
> A simple browse at webdesigning forums will tell you of similar
> stories.
> In fact, it _seems_ more Linux webservers get hacked than Windows
> because of lack of expertise and utter negligence of new admins.
If this is the case ( I have no stats as to whether more Windows web
servers or linux web servers get hacked), perhaps you can see why
people on this list wish security to be seriously, and take issue with
some of the points you have made.
> When was the last time an ASP application suffered similar wide-spread
> exploit?
> And yet PHP Bulletin Boards is plagued with recurring risks.
../../../
(although be careful - typing that on the wrong server could land you
in jail)
Regards,
Paul
--
Paul Rayner
Ylem Solutions Ltd ~ 32-38 Leman St, London. E1 8EW
Office: 020 7173 6241 ~ Mobile: 07739 143 763 ~
Paul.Rayner at YlemSolutions.com
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list